2. Framing Options
Welcome to the "Framing Options" page. Here, you'll find a comprehensive table detailing various configuration settings, allowing you to customize which features are displayed to best align with your organization's needs.
Automatic Tailoring
CSFaaS provides three automatic tailoring levels that adjust the interface and functionality to match your organisation’s requirements:
Minimal
Enables basic features, ideal for organisations starting with essential functionality.
- Framework manager
- Policy Manager
- Risk Assessment Management
- Third party and Systems Management
- Evidences collection and Form Builder
Medium
Offers a balanced configuration with standard features, ideal for most use cases and allowing for future expansion:
- Everything in minimal
- Includes all features from the Minimal level
- Framework and Policies Manager Versioning
- Detailed control properties
- Detailed Risk profiling & SWOT analysis
- Enhanced Form Builder Integration in Demands and Systems
Optimal
Unlocks the full suite of features for comprehensive coverage and advanced capabilities:
- Includes all features from the Medium level
- Detailed Informations in Risk Assessment Demands
- Inherent Risk Analysis
- Advanced Third party Options
- Advanced System Options
Frameworks Menu
| Option level 1 | Option level 2 | Minimal | Standard | Optimal |
|---|---|---|---|---|
| Versioning Capabilities | --- |  |  | |
| Comments | --- | | | |
| Applicability | --- | | | |
| Maturity | --- | | | |
| Resource Owners | --- | | | |
Policies Menu
| Option level 1 | Option level 2 | Minimal | Standard | Optimal |
|---|---|---|---|---|
| Versioning Capabilities | --- | | | |
| Pending Framework Actions | --- | | | |
| Comments | --- | | | |
| Contextual Information | --- | | | |
| Maturity | --- | | | |
| Resource Owners | --- | | | |
| Control Properties | --- | | | |
| Control Progression (or Completion) | | | | |
| Periodicity Review | | | | |
| Control Maturity Level | | | | |
| Weighting | | | | |
| Functional Domains | | | | |
| Business Units | | | | |
| Control Owner | | | | |
| Information Security Property | | | | |
| Control Function | | | | |
| Privacy Control Function | | | | |
| Security Domains | | | | |
| Control Type | | | | |
| Operational Capabilities | | | | |
| Link Control to Framework | | | |
Demands Menu
| Option level 1 | Option level 2 | Minimal | Standard | Optimal |
|---|---|---|---|---|
| Comments | --- | | | |
| Priority | --- | | | |
| Due Dates | --- | | | |
| Resource Owners | --- | | | |
| Demand Information | --- | | | |
| Demand Type | | | | |
| Project Phase | | | | |
| Request Impact | | | | |
| Region | | | | |
| Country | | | | |
| Business Unit | | | | |
| Functional Domain | | | | |
| Data Classification | | | | |
| Data State | | | | |
| PII / PHI | | | | |
| Contextual Information | --- | | | |
| BGO (Business Goals Objectives) | --- | | | |
| BDS (Business Drivers for Security) | --- | | | |
| Applicable Policies | --- | | | |
| Related Risks | --- | | | |
| Involved Third Parties | --- | | | |
| Involved Systems | --- | | | |
Risks Menu
| Option level 1 | Option level 2 | Minimal | Standard | Optimal |
|---|---|---|---|---|
| Comments | --- | | | |
| Risk Profiling | --- | | | |
| Security Domain | | | | |
| Business Attribute | | | | |
| Risk Category | | | | |
| Risk Origin | | | | |
| STRIDE Threat Action | | | | |
| Threat Vector | | | | |
| Threat Action | | | | |
| Threat Actor | | | | |
| Threat Actor Motivation | | | | |
| Victim Quantification | | | | |
| Other Information | | | | |
| SWOT Analysis (Inherent) | --- | | | |
| Inherent Risk Statement | | | | |
| Inherent Strength | | | | |
| Inherent Weakness | | | | |
| Inherent Opportunity | | | | |
| Likelihood | | | | |
| Impact | | | | |
| Risk Level | | | | |
| Impact Type | | | | |
| SWOT Analysis (Current) | --- | | | |
| Current Risk Statement | | | | |
| Current Strength | | | | |
| Current Weakness | | | | |
| Current Opportunity | | | | |
| Likelihood | | | | |
| Impact | | | | |
| Risk Level | | | | |
| Impact Type | | | | |
| Recommended Controls | | | | |
| SWOT Analysis (Target) | --- | | | |
| Target Risk Statement | | | | |
| Target Strength | | | | |
| Target Weakness | | | | |
| Target Opportunity | | | | |
| Likelihood | | | | |
| Impact | | | | |
| Risk Level | | | | |
| Impact Type | --- | | | |
| Risk Response | --- | | | |
| Owner | | | | |
| Justification | | | | |
| Periodicity | | | | |
| Remediation Plan | --- | | | |
| Contacts | | | | |
| Due Date | | | | |
| Description | | | | |
| Implementation Challenges | | | |
Third Parties Menu
| Option level 1 | Option level 2 | Minimal | Standard | Optimal |
|---|---|---|---|---|
| Resource Owners | --- | | | |
| Comments | --- | | | |
| Information | --- | | | |
| Third Party Parent Company | | | | |
| Third Party Contact Name | | | | |
| Third Party Business Unit | | | | |
| Third Party Region | | | | |
| Third Party Country | | | | |
| Third Party Type | | | | |
| Third Party IT Provider Type | | | | |
| Third Party Tier Level | | | | |
| Internal Contact | --- | | | |
| Data Classification | --- | | | |
| PII / PHI | | | | |
| Related Systems | --- | | | |
| Risk Assessments | --- | | | |
| Complementary Information | --- | | | |
Systems Menu
| Option level 1 | Option level 2 | Minimal | Standard | Optimal |
|---|---|---|---|---|
| Resource Owners | --- | | | |
| Comments | --- | | | |
| Contacts | --- | | | |
| Business Owner | | | | |
| System Owner | | | | |
| Technical Owner | | | | |
| Information Owner | | | | |
| Other Contact | | | | |
| System Information | --- | | | |
| Region | | | | |
| Country | | | | |
| Business Unit | | | | |
| Functional Domain | | | | |
| Criticality | | | | |
| Internet Facing | | | | |
| Environment Stage | | | | |
| Operational Status | | | | |
| System Details | --- | | | |
| Architectural Domain | | | | |
| System Domain | | | | |
| System Accessibility | | | | |
| System Management | | | | |
| System Hosting | | | | |
| Cloud Type | | | | |
| Cloud Stack Components | | | | |
| Data Information | --- | | | |
| Data Classification | | | | |
| PII / PHI | | | | |
| Recovery | --- | | | |
| Recovery Time Objective (RTO) | | | | |
| Recovery Point Objective (RPO) | | | | |
| Related Systems | --- | | | |
| Risk Assessments | --- | | | |
| Complementary Information | --- | | | |
Evidences Menu
| Option level 1 | Option level 2 | Minimal | Standard | Optimal |
|---|---|---|---|---|
| Display in Frameworks | --- | | | |
| Display in Policies | --- | | | |
| Display in Demands | --- | | | |
| Display in Registry | --- | | | |
| Display in Remediation Plans | --- | | | |
| Display in Third Parties | --- | | | |
| Display in Systems | --- | | | |
Form Builders Menu
| Option level 1 | Option level 2 | Minimal | Standard | Optimal |
|---|---|---|---|---|
| Display in Demands | --- | | | |
| Display in Third Parties | --- | | | |
| Display in System | --- | | | |